Databases and associated tasks utilized in operations that manage large volumes of data are often rigid in their structure and do not readily adapt to dynamically evolving conditions. Furthermore, adaptation may be slow and costly when numerous different sources are utilized by the database.
By way of example, one particular application in which such rigidity is problematic is the area of information technology governance, risk, and compliance (IT-GRC). IT-GRC concerns the related disciplines of controlling and directing an organization or entity, and monitoring and ensuring the organization's compliance with applicable regulations.
IT-GRC applications are used by some enterprises to help ensure compliance with an ever-increasing number of regulations. Some examples of regulations managed by IT-GRC applications include Sarbanes-Oxley Act of 2002 (SOX), CoBIT control Objectives, FDA cGMP regulations, National Institute of Standards and Technology 800-53 (NIST 800-53), and the like. A company may, for example, implement a GRC application to sustain SOX compliance. The GRC application may be used, for example, to test a number of controls validating that policies and regulations are being followed for a related change management process.
The practice of GRC may be expensive and labor intensive. Errors have significant consequences in the form of penalties for regulatory violations. For this reason, some are turning to GRC software packages. Still, such software may be difficult to implement because the core functions of GRC are often managed using a variety of dissimilar and heterogeneous machines and software applications. It may be a challenge to compile, assess, and analyze data from these various sources.
The problems are multiplied for software packages that manage GRC (or other types of) data for multiple companies. Often, different companies employ different and seemingly incompatible strategies and hierarchies in organizing their data records. As data records inevitably employ complicated relationships and layers, this often requires the services of a programmer just to produce a simple report. These challenges present substantial challenges to efficiently and accurately assimilating, analyzing, and reporting information from diverse systems, such as GRC systems.